Basic Web Hacking
Provided by NotSoSecure part of Claranet Cyber Security
Refund Policy
Contact the organizer to request a refund.
Eventbrite's fee is nonrefundable.
Refunds
Refunds are available if notice is given at least 7 days before the event date.
About this event
- 1 day 8 hours
- Mobile eTicket
This is an entry-level web application security testing course and a recommended prerequisite for our "Advanced Web Hacking" course. This foundation course of "Web Hacking" familiarises attendees with the basics of web applications and web application security concerns. A number of tools and techniques, backed up by a systematic approach to the various phases of hacking, will be discussed during this 2-day course. If you would like to step into a career of Ethical Hacking / Pen Testing with the right amount of knowledge, this is the right course for you.
This course familiarises you with a wealth of tools and techniques required to breach and compromise the security of web applications. The course starts by discussing the very basics of web application concepts, and gradually builds up to a level where you can not only use the tools and techniques to hack various components involved in a web application, but also walk away with a solid understanding of the concepts on which these tools are based. The course will also talk about industry standards such as OWASP Top 10 and PCI DSS, which form a critical part of web application security. Numerous real-life examples will be discussed during the course to help you understand the true impact of these vulnerabilities.
What's the real impact of training your team through NotSoSecure?
Start to build the skills within your team to harden your perimeter, lower the risk of compromise, and make your organisation a less attractive target for attackers. Trained delegates can:
- Confidently articulate the intricacies of the HTTP protocol and how it can be manipulated to achieve a malicious goal
- Understand how to use industry-standard tools, such as Burp Suite, to perform manual penetration testing against web applications
- Find and exploit vulnerabilities in web applications, including those that would lead to injection attacks, authorisation and authentication bypass, malicious file uploads, and more
- Identify the infrastructure and frameworks underlying a web attack surface
- Understand complications related to cryptography and the effect on web applications
- Understand how to tie security testing and other offensive and defensive measures back to authentic attack vectors
Who Should Attend
- Security enthusiasts
- Anybody who wishes to make a career in this domain and gain some knowledge of networks and applications
- Web Developers
- System Administrators
- SOC Analysts
- Network Engineers
- Pen Testers who want to level up their skills
Prerequisites
Delegates should bring a laptop with the Windows operating system installed (either natively or running in a VM). Delegates must also have administrative access to perform tasks such as installing software, disabling antivirus, etc. Devices that don't have an Ethernet connection (e.g. MacBook Air, tablets, etc.) will not be supported during the course.
Course Outline
UNDERSTANDING THE HTTP PROTOCOL
- HTTP Protocol Basics
- Introduction to proxy tools
INFORMATION GATHERING
- Enumeration Techniques
- Understanding Web Attack surface
USERNAME ENUMERATION & FAULTY PASSWORD RESET
- Attacking Authentication and Faulty Password mechanisms
ISSUES WITH SSL/TLS
- SSL/TLS misconfiguration
AUTHORIZATION BYPASS
- Logical Bypass techniques
- Session related issues
CROSS SITE SCRIPTING (XSS)
- Various types of XSS
- Session Hijacking & other attacks
CROSS SITE REQUEST FORGERY (CSRF)
- Understanding CSRF attack
SQL INJECTION
- SQL Injection types
- Manual Exploitation
XML EXTERNAL ENTITY (XXE) ATTACKS
- XXE Basics
- XXE exploitation
INSECURE FILE UPLOADS
- Attacking File upload functionality
DESERIALIZATION VULNERABILITIES
- Serialization Basics
- PHP Deserialization Attack